Technical

Instructional and troubleshooting
Reboot PFSense HA Pair
    There will be exceptions to the below, but for a standard HA reboot process this should be applicable. Before restarting, confirm the following:
    On both firewalls, check CARP status. This is under Status > CARP (Failover).
      The primary firewall should show all interfaces status as MASTER.
      The secondary firewall should show all interfaces status as BACKUP.
    On both firewalls, check Gateway status. This is under Status > Gateways.
      All gateways should show as Online on both firewalls with no loss for a successful HA failover.
Mimecast For Outlook 7 10 Install
    Install files for Mimecast 7.1 (all prior versions are EOL 2/28/22)
    Mimecast for Outlook 7.10.0.72 (x64).msi 20.3 MB
    Mimecast for Outlook 7.10.0.72 (x86).msi 20.13 MB
How To Expand Storage On A Proxmox Virtual Machine
    Use Case: In the event that the hard drive fills up on a Linux VM, and space cannot be cleared, additional storage must be added. This can be accomplished easily within the Proxmox hypervisor itself.
    Pre-Check: Before allocating additional space, please schedule a reboot of the appliance. Afterwards, confirm if the storage still needs to be expanded. Linux does not free up space for deleted files if the related process is still running.
AIS Managed Firewall Specifications
    Baseline specifications
AIS VoIP Phone Compatibility
    SIP-compatible phones specifically validated to function properly with AIS Managed VoIP
Bidirectional NAT For NMS

    On the Router

    Go to VPN.
    Select IPsec.
    Select the green “Add P1” button on the bottom left.
    Select the below settings for the Tunnel Phase 1:
      Key Exchange version: IKEv1
      Internet Protocol: IPv4
      Interface: WAN-VIP
      Remote Gateway: IP of NMS firewall
      Description: AIS NMS
      Authentication Method: Mutual PSK
      Negotiation Mode: Main
      My identifier: IP Address VIP address
      Peer identifier: Peer IP Address
      Pre-Shared Key: Create a new Pre-Shared Key
      Encryption Algorithm: AES SHA256 2 (1024 bit)
      Lifetime: 28800
      NAT Traversal: Auto
      Dead Peer Detection: Enable DPD checked
      Delay: 10
      Max failures: 50
    Select the below settings for the Tunnel Phase 2:
      Mode: Tunnel IPv4
      Local Network: Network / Local Subnet
      NAT/BINAT translation: Network / Subnet to be used on NMS
      Remote Network: NMS Network
      Protocol: ESP
      Encryption Algorithms: AES
      Hash Algorithms: SHA256
      PFS key group: off
      Lifetime: 86400
      Automatically ping host: NMS Internal IP

Remote Access Procedure 2021
    AIS_Remote_Access_Procedure_2021.PDF
How To Generate An O365 App Password
    1. Go to https://login.microsoftonline.com
    2. Click on your initials at the top right
    3. Click View Account
    4. Click Security Info
    5. Click +Add method
    6. Choose App password from the dropdown
    7. Click Add
    8. Name the App Password (e.g. iPhoneMailApp)
    9. Click Next
    10. The password is displayed. Enter this instead of your usual O365 password when the password is requested on your phone.
    11. Click done.
    12. Once you have clicked “done” you cannot go back to view the password.
AIS VoIP Admin Documentation

    Change the system initial menu
    Please contact AIS Support for assistance with IVR (initial menu) changes.

    Re-record system recordings

    Dial the specified feature code for the desired system recording from any handset
    Enter the password, if required, followed by ‘#’ (the system will prompt for the password to be entered if one has been set)
    You will hear a beep and then the existing system recording will play
    To listen to the recording again, press ‘1’
    To re-record the recording, press ‘'’’
    After the beep, speak the new version of the recording
    Press ‘#’ to end the recording
    To listen to the new recording, press ‘1’
    To re-record the recording, press ‘'’’
    Hang up when you are satisfied with the way the new recording sounds

AIS VoIP Detailed Deployment Planning

    Type of Voice Lines Overview

    A VoIP deployment can connect to the phone system in a number of ways:
    By using existing analog lines and analog-to-digital conversion hardware
    Opt to have no connections to analog lines for voice traffic and instead use a VoIP all-digital connection to an external phone service called a VoIP-termination service (note that fax lines and any emergency voice call lines generally need to continue to be analog-based) – see “Digital Incoming Lines” below
      Digital connections depend on the site’s Internet connection to the VoIP-termination servers working and having adequate bandwidth for voice traffic available at all times
    Or, use a mix of the two approaches
    More information is below on each approach.

AIS VoIP E911 Test Procedure
    Testing with 933: Twilio has allowed 933 to test your E911 number. You can test any number as much as you need to. It will allow you to test voice going both ways and whether the system is able to identify your address.
    Testing with a test extension: You should be able to set up a test phone on AIS VoIP. This will allow you to test remotely.
AIS VoIP End User Documentation

    Call forwarding

    This feature allows you to direct calls to your extension to another internal extension or to an external phone number instead, such as your cell phone or home phone number. The “Follow me” feature (below) can also be used to do this.

    Enable call forwarding

    Instructions

    Dial the “Call Forward All Activate” feature code (‘*72’)
    After being prompted, enter your own extension number followed by ‘#’ (this is the extension to redirect)
    If directing the call to another internal extension, enter the extension number followed by ‘#’
    If directing the call to an external phone number, enter the external number to dial followed by ‘#’
    The settings will be read back to you to confirm them.

AIS VoIP End User Voicemail Instructions

    Voicemail

    AIS Managed VoIP provides a highly flexible, highly capable voicemail system.

    Accessing Your Mailbox

    Log in by pressing the voicemail button or by dialing *97 from your VoIP Phone
    If dialing from a phone with a different extension, dial *98, then your extension number

    Voicemail Menus

    Main Menu

    The main menu will be the first menu you hear when you have logged in. Here are the main menu options:

AIS VoIP Example Call Flow
    Cisco 79xx VoIP Phone Configuration On AIS VoIP

      Requirements: Cisco VoIP phones have a maximum Extension Secret/Password length of 16 characters (if a longer password is used, the phone will not register)

      Overview

      Create extension for phone in AIS VoIP:
        Applications > Extensions > Add Extension > New CHAN_SIP
        User Extension: ext number
        Display Name: ext number
        Outbound CID: 10-digit phone number associated
        Secret:
        Click “Advanced”.
        NAT Mode: Yes
        Transport: All - TCP Primary
        Click “Submit”.
        Click “Apply Config” (Red button on top-right).
      Add external IP range to firewall port 69:
      create SEP[MAC ADDRESS].

    E911 Setup With AIS VoIP
      There are two components to setting up AIS VoIP for calls to emergency services:
      An outbound route must be set up. This will detect when somebody is trying to call 911 and specify that the Emergency CID is to be used instead of normal CID settings.
      If there are multiple locations, specify the emergency CID for each extension.
      Emergency Outbound Route:
      Note: As stated above, this setting allows the system to identify when it should override the normal caller ID setting with the Emergency Caller IDs we will set up in the next step.
    E911 Setup With Twilio
      Prerequisites: A Twilio account should be set up and able to make calls.
      Picking a number or numbers for E911: Each location at which VoIP service is set up should have one number set up as the E911 number. To reduce costs, only one number needs to and should be configured for a location. Whatever is considered to be the main line at the location should be chosen. This number will be the number 911 dispatch sees and will call back if they get hung up on.
    Grandstream Setup With AIS VoIP
      Gather Supplies
      Physical install
        Place phone.
        Connect patch cable from patch port in wall to the LAN port on phone.
        Optional: Connect patch cable to computer and the PC port on phone.
        Troubleshooting: Phone not powering on
          Ensure the patch port is connected to a PoE port on the switch.
          Check cables are seated and in correct port.
          If the switch is not PoE capable, connect a PoE injector on the line or use the power cable for the phone itself.
      Network connection
        By default, the phone will use DHCP and should pull IP configurations automatically.
    Resetting IP Phone To Factory Default
    Twilio Phone Porting Steps
      Log on to the Twilio portal
      From the home page, click on the pound symbol:
      Under “Phone Numbers,” click on “Port Host” and then “Port a Number.”
      Select the checkbox next to all five conditions to agree to them and then proceed to fill out the billing address for the customer.
      List the phone numbers being ported, and upload the latest billing statement from the current provider:
      Fill out the Twilio Inc. Letter of Authorization and upload to Documents.
    Configure A Palo Alto Firewall To Send Syslog To AIS Managed SIEM
      1. Add a new syslog server profile:

      Name: AIS_SIEM
      Server: syslog.aislabs.com
      Transport: UDP
      Port: !!Provided in email!!
      Format: BSD
      Facility: LOG_USER

      2. Configure syslog forwarding for Traffic, Threat, and WildFire Submission logs

      a. Select Objects > Log Forwarding, click Add, and enter “AIS_FORWARDING” to identify the profile.

      b. For each log type, each severity level, or WildFire verdict, select the “AIS_FORWARDING” Syslog server profile and click OK.

      c. Assign the “AIS_FORWARDING” log forwarding profile to all of the security rules

      3. To forward logs for a specific security policy / firewall rule:

      a. Select Policies > Security

      b. Click the policy in which you want to configure log forwarding

      c. Select Actions

      d. Select the profile to forward the logs to in the Log Forwarding dropdown list

      e. Click OK

      4. Configure syslog forwarding for System, Config, HIP Match, and Correlation logs

      a. Select Device > Log Settings

      b. For System and Correlation logs, click each Severity level, select the AIS_SIEM profile, and click OK.

      c. For Config, HIP Match, and Correlation logs, click the Edit icon, select the AIS_SIEM profile, and click OK.

      5. Commit the changes

    Office 365 Configuration To Send Logs To AIS Managed SIEM
    Sending SoftEther VPN Server Logs To AIS SIEM
      Access SoftEther VPN Manager.
      Click “Encryption and Network”.
      Click “Send Server and Virtual Hub Security Logs by Syslog”.
      Syslog Server Host Name: syslog-in.aislabs.com
      Port: [AIS SIEM port assigned]
    SIEM Stream Creation/Modification In AIS Managed SIEM
      Key steps:
      1. Find the AIS Managed SIEM Input you wish to use for the new Stream.
      2. Click “Show Received Messages” next to the desired Input. Copy the Search Query near the top of the page.
      3. Click “Create Stream”.
      4. Add title and Description.
      5. Click checkbox “Remove matches from All Messages” stream.
      6. Click “Save”.
      7. Find the newly created Stream and click “Manage Rules” next to it.
      8. Click “Add Stream Rule”.
      9. In the Field textbox, type gl2_source_input.
      10. Value textbox: Use the second part of the Search Query from Step 2.
    User Account Creation/Modification In AIS Managed SIEM

      Key steps:

      Log in to https://security.aislabs.com.
      Click System top menu and then “Authentication”.
      If this is the first time creating a User for this Account, click “Roles” on the left side.
      Click “Add New Role”
        Name: ClientName
        Description: ClientName
        Permissions:
          Streams: Click “Allow Editing” only next to the Stream.
          Click “Dashboards”.
          Click “Allow Editing” only next to that Dashboard.
        Click “Save”.
      Click “Users” and then “Add new user”.
        Username: type the email address. Note: AIS SIEM usernames are case sensitive, please only type the email address in lower case.

    Adding Devices To AIS NMS

      Adding new devices to the AIS NMS

      Log in to NMS platform as an admin user

      For SNMP-enabled Devices (Most Devices)

      Click Devices > Add Device
      In the Hostname textbox, type in the Hostname or IP Address of the device to be added.
      In most cases, the remaining default settings should stay the same and you should be able to click “Add Device”.

      For Ping Check Only Devices (Comcast Modems, etc)

    AIS NMS Architecture Documentation

      NMS Concepts:

      Poller group: One or more NMS servers behind a pfSense that polls SNMP, ICMP, and other service data from devices assigned to a specific Poller group every 5 minutes
      All Poller groups use the same MySQL cluster as a central database.
      The web interface can view Devices from all Poller groups because of the central database.
      Manually adding devices must be done from the web interface of the Poller group associated with that device.

    Creating A Service Monitor In NMS
      If you have ever had complaints of erratic behavior from an external web server that is out of your control, it can be difficult to convince a user that the issue is on the external host’s side. This guide will show you how to add a service monitor to NMS to monitor a website or device to which you do not have access. In most situations, you will not be able to enable SNMP on an external web server.
    Creating Or Modifying AIS NMS Alert Rule Notification
      Note: Alert Rules and Notifications can only be accessed by an AIS admin user
      Log in to NMS portal as an admin user.
      On the top navigation bar, hover over Alerts -> Alert Transports.
      If the user doesn’t have an existing Alert Transport, click button “Create alert transport”.
        Transport Name: Name
        Transport Type: Mail
        Default Alert: Off (Note: Turning this on would send all alerts from the entire system.)
        Email: Email address
      Click button “Save Transport”.
      On the top navigation bar, hover over Alerts -> Alert Rules
      If there isn’t an existing Rule, click “Create rule from collection”
      Select “Devices up/down”.
    Enabling SNMP On VMware Vhost For AIS NMS
    Provision New Webroot And Continuum Site

      Set up Webroot First, prior to Continuum site.

      Log into Continuum site.
      Log into Webroot portal.
      Click “Add Site”.
      In the first screen, enter site name using Full Company Name. Company is External, Size (approx), Industry (approx), leave all other fields at default.
      Change no other fields and click “Next”.
      On the Permissions page, hover over “Admin” radial in the top-left column. This makes the AIS admins admins over the site. Click “next”.
      This is the Protection page.

    Last modified May 9, 2022